Applies To:

BIG-IP AFM

Overview: BIG-IP SNMP agent configuration

You can use the industry-standard SNMP protocol to manage BIG-IP® devices
on a network. To do this, you must configure the SNMP agent on the BIG-IP system. The primary
tasks in configuring the SNMP agent are configuring client access to the SNMP agent, and
controlling access to SNMP data.

Task summary

You specify contact information for the SNMP administrator, as well as the physical
location of the
BIG-IP® system running an SNMP agent.

On the Main tab, click System > SNMP > Agent > Configuration.

In the Global Setup area, in the Contact Information field, type
contact information for the SNMP administrator for this BIG-IP system.

The contact information is a MIB-II simple string variable. The contact
information usually includes both a user name and an email address.

In the Machine Location field, type the location of the
system, such as Network Closet 1.

The machine location is a MIB-II simple string variable.

Click Update.

Configure SNMP manager access to the SNMP
agent on the BIG-IP system

Before you start this task, you should
gather the IP addresses of the SNMP managers that you want to have access to the SNMP
agent on this BIG-IP® system.

You configure the SNMP agent on the
BIG-IP system so that a client running the SNMP manager can access the SNMP agent to
remotely manage the BIG-IP system.

On the Main tab, click System > SNMP > Agent > Configuration.

In the Client Allow List area, for the Type
setting, select either Host or
Network, depending on whether the IP address you specify is a
host system or a subnet.

Note: By default, SNMP is enabled only for the BIG-IP system loopback interface
(127.0.0.1).

In the Address field, type either an IP address or network
address from which the SNMP agent can accept requests.

If you selected Network in step 2, type the netmask in the
Mask field.

Click Add.

Click Update.

The BIG-IP system now contains a list of IP addresses for SNMP managers from which
SNMP requests are accepted.

Grant community access to v1 or v2c SNMP
data

To better control access to SNMP
data, you can assign an access level to an SNMP v1 or v2c community.

Note: SNMPv1 does not support Counter64
OIDs, which are used for accessing most statistics. Therefore, for SNMPv1 clients,
an snmp walk command skips any OIDs of type Counter64. We recommend
that you use only clients that support SNMPv2 or later.

On the Main tab, click System > SNMP > Agent > Access (v1, v2c).

Click Create.

From the Type list, select either IPv4 or
IPv6.

In the Community field, type the name of the SNMP community for
which you are assigning an access level.

From the Source list, select All, or
select Select and type the source IP address in the field that
displays.

In the OID field, type the OID for the top-most node of the SNMP
tree to which the access applies.

From the Access list, select an access level, either
Read Only or Read/Write.

Note: When you set the access level of a community or user to read/write, and an individual data
object has a read-only access type, access to the object remains read-only. In short, the
access level or type that is the most secure takes precedence when there is a
conflict.

Click Finished.

The
BIG-IP® system updates the snmpd.conf file,
assigning only a single access setting to the community as shown in this sample
snmpd.conf file.

Example snmpd.conf file

In the
following sample code from an snmpd.conf file, string
rocommunity public default identifies a community named
public that has the default read-only access-level. This
access-level prevents any allowed SNMP manager in community
public from modifying a data object, even if the object has
an access type of read/write. The string rwcommunity public1 identifies
a community named public1 as having a read/write access-level.
This access-level allows any allowed SNMP manager in community
public1 to modify a data object under the tree node
.1.3.6.1.4.1.3375.2.2.10.1 (ltmVirtualServ) on the local host
127.0.0.1, if that data object has an access type of
read/write.

Grant user
access to v3 SNMP data

To better control access to SNMP data, you can assign an access level to an SNMP
v3 user.

On the Main tab, click System > SNMP > Agent > Access (v3).

Click Create.

In the User Name field, type the name of the user for which you
are assigning an access level.

In the Authentication area, from the Type list, select a type of
authentication to use, and then type and confirm the user’s password.

In the Privacy area, from the Protocol list, select a privacy
protocol, and either type and confirm the user’s password, or select the Use
Authentication Password check box.

In the OID field, type the OID for the top-most node of the SNMP
tree to which the access applies.

From the Access list, select an access level, either
Read Only or Read/Write.

Note: When you set the access level of a community or user to read/write, and an individual data
object has a read-only access type, access to the object remains read-only. In short, the
access level or type that is the most secure takes precedence when there is a
conflict.

Click Finished.

The
BIG-IP® system updates the snmpd.conf file,
assigning only a single access setting to the user.

Overview: SNMP trap configuration

SNMP traps are definitions of unsolicited notification messages that the BIG-IP® alert system and the SNMP agent send to the SNMP manager when certain
events occur on the BIG-IP system. Configuring SNMP traps on a BIG-IP system means configuring
how the BIG-IP system handles traps, as well as setting the destination to which the
notifications are sent.

The BIG-IP system stores SNMP traps in two specific files:

/etc/alertd/alert.conf

Contains default SNMP traps.

Important: Do not add or remove traps from the /etc/alertd/alert.conf file.

/config/user_alert.conf

Contains user-defined SNMP traps.

Task summary

Perform these tasks to configure SNMP traps for certain events and set trap destinations.

Enabling traps for specific events

You can configure the SNMP agent on the BIG-IP® system to send,
or refrain from sending, notifications to the traps destinations.

On the Main tab, click System > SNMP > Traps > Configuration.

To send traps when an administrator starts or stops the SNMP agent, verify that the
Enabled check box for the Agent Start/Stop
setting is selected.

To send notifications when certain warnings occur, verify that the
Enabled check box for the Device setting
is selected.

Click Update.

The BIG-IP system automatically updates the alert.conf file.

Setting v1 and v2c trap destinations

Specify the IP address of the SNMP manager in order for the BIG-IP® system to send notifications.

On the Main tab, click System > SNMP > Traps > Destination.

Click Create.

For the Version setting, select either v1 or v2c.

In the Community field, type the community name for the
SNMP agent running on the BIG-IP system.

In the Destination field, type the IP address of the SNMP
manager.

In the Port field, type the port number on the SNMP manager that
is assigned to receive the traps.

Click Finished.

Setting v3 trap destinations

Specify the destination SNMP manager to which the BIG-IP® system
sends notifications.

On the Main tab, click System > SNMP > Traps > Destination.

Click Create.

For the Version setting, select
v3.

In the Destination field, type the IP address of the SNMP
manager.

In the Port field, type the port number on the SNMP manager that
is assigned to receive the traps.

From the Security Level list, select the level of security at which you want SNMP messages processed.

Option

Description

Auth, No Privacy

Process SNMP messages using authentication but without encryption. When you use
this value, you must also provide values for the Security Name,
Authentication Protocol, and Authentication
Password settings.

Auth and Privacy

Process SNMP messages using authentication and encryption. When you use this
value, you must also provide values for the Security Name,
Authentication Protocol, Authentication
Password, Privacy Protocol, and
Privacy Password settings.

In the Security Name field, type the user name the system uses
to handle SNMP v3 traps.

In the Engine ID field, type an administratively unique
identifier for an SNMP engine. (This setting is optional.) You can find the engine ID in
the /config/net-snmp/snmpd.conf file on the BIG-IP system. Please
note that this ID is identified in the file as the value of the oldEngineID token.

From the Authentication Protocol list, select the algorithm the
system uses to authenticate SNMP v3 traps.

When you set this value, you must also enter a value in the
Authentication Password field.

In the Authentication Password field, type the password the
system uses to handle an SNMP v3 trap.

When you set this value, you must also select a
value from the Authentication Protocol list.

Note: The authentication password must be at least 8 characters long.

If you selected Auth and Privacy from the Security
Level list, from the Privacy Protocol list, select
the algorithm the system uses to encrypt SNMP v3 traps. When you set this value, you must
also enter a value in the Privacy Password field.

If you selected Auth and Privacy from the Security
Level list, in the Privacy Password field, type the
password the system uses to handle an encrypted SNMP v3 trap. When you set this value, you
must also select a value from the Privacy Protocol list.

Note: The authentication password must be at least 8 characters long.

Click Finished.

Viewing pre-configured SNMP traps

Verify that your user account grants you access to the advanced shell.

Pre-configured traps are stored in the /etc/alertd/alert.conf
file. View these SNMP traps to understand the data that the SNMP manager can
use.

Use this command to view the SNMP traps that are pre-configured on the BIG-IP® system: cat
/etc/alertd/alert.conf.

Creating custom SNMP traps

Verify that your user account grants you access to tmsh.

Create custom SNMP traps that alert the SNMP manager to specific SNMP events that
occur on the network when the pre-configured traps do not meet all of your
needs.

Log in to the command line.

Create a backup copy of the file /config/user_alert.conf,
by typing this command: cp /config/user_alert.conf
backup_file_name

alert_name represents a descriptive name. The
alert_name or matched_message
value cannot match the corresponding value in any of the SNMP traps
defined in the /etc/alertd/alert.conf or
/config/user_alert.conf file.

matched_message represents the text that matches the
Syslog message that triggers the custom trap. You can specify either a
portion of the Syslog message text or use a regular expression. Do not
include the Syslog prefix information, such as the date stamp and
process ID, in the match string.

The XXX portion of the OID value represents a number
that is unique to this OID. Specify any OID that meets all of these
criteria:

Is in standard OID format and within the range
.1.3.6.1.4.1.3375.2.4.0.300 through
.1.3.6.1.4.1.3375.2.4.0.999.

Is in a numeric range that can be processed by your trap
receiving tool.

Does not exist in the MIB file
/usr/share/snmp/mibs/F5-BIGIP-COMMON-MIB.txt.

Is not used in another custom trap.

As an example, to create a custom SNMP trap that is triggered whenever the
system logs switchboard failsafe status changes, add the following trap
definition to /config/user_alert.conf.

This
trap definition causes the system to log the following message to the file
/var/log/ltm, when switchboard failsafe is enabled:
Sep 23 11:51:40 bigip1.askf5.com lacpd[27753]: 01160016:6:
Switchboard Failsafe enabled.

AOM-related traps and recommended actions

This table provides information about the Always-On Management (AOM)-related notifications that an SNMP manager can receive.

Trap name

Description

Recommended action

bigipLibhalAomEventWarning (.1.3.6.1.4.1.3375.2.4.0.167)

AOM has issued a warning event.

Inspect the /var/log/ltm file for additional messages that might
provide further clarity on why the warning was raised.

bigipLibhalAomEventError (.1.3.6.1.4.1.3375.2.4.0.168)

AOM has issued an error event.

Inspect the /var/log/ltm file for additional messages that might
provide further clarity on why the warning was raised.

bigipLibhalAomEventAlert (.1.3.6.1.4.1.3375.2.4.0.169)

AOM has issued an alert event.

Inspect the /var/log/ltm file for additional messages that might
provide further clarity on why the warning was raised.

bigipLibhalAomEventCritical (.1.3.6.1.4.1.3375.2.4.0.170)

AOM has issued a critical event.

Inspect the /var/log/ltm file for additional messages that might provide
further clarity on why the warning was raised.

bigipLibhalAomEventEmergency (.1.3.6.1.4.1.3375.2.4.0.171)

AOM has issued an emergency event.

Inspect the /var/log/ltm file for additional messages that might provide
further clarity on why the warning was raised.

bigipLibhalAomEventInfo (.1.3.6.1.4.1.3375.2.4.0.172)

AOM has issued an information event.

Inspect the /var/log/ltm file for additional messages that
might provide further clarity on why the warning was raised.

bigipLibhalAomSensorTempWarning (.1.3.6.1.4.1.3375.2.4.0.173)

AOM has issued a temperature sensor warning level event.

Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down. Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room
temperature.

bigipLibhalAomSensorTempError (.1.3.6.1.4.1.3375.2.4.0.174)

AOM has issued a temperature sensor warning level event.

Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down. Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room
temperature.

bigipLibhalAomSensorTempAlert (.1.3.6.1.4.1.3375.2.4.0.175)

AOM has issued a temperature sensor alert level event.

Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down. Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room
temperature.

bigipLibhalAomSensorTempCritical (.1.3.6.1.4.1.3375.2.4.0.176)

AOM has issued a temperature sensor critical level event.

Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down. Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room
temperature.

bigipLibhalAomSensorTempEmergency (.1.3.6.1.4.1.3375.2.4.0.177)

AOM has issued a temperature sensor emergency level event.

Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down. Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room
temperature.

bigipLibhalAomSensorTempInfo (.1.3.6.1.4.1.3375.2.4.0.178)

AOM has issued a temperature sensor information level event.

Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down. Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room temperature.

bigipLibhalAomSensorFanWarning (.1.3.6.1.4.1.3375.2.4.0.179)

AOM has issued a fan sensor warning level event.

Inspect the system for anything obstructing the system fans. Ensure that the system fan
tray is fully seated using the supplied screws.

bigipLibhalAomSensorFanError (.1.3.6.1.4.1.3375.2.4.0.180)

AOM has issued a fan sensor error level event.

Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws.

bigipLibhalAomSensorFanAlert (.1.3.6.1.4.1.3375.2.4.0.181)

AOM has issued a fan sensor alert level event.

Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws.

bigipLibhalAomSensorFanCritical (.1.3.6.1.4.1.3375.2.4.0.182)

AOM has issued a fan sensor critical level event.

Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws.

bigipLibhalAomSensorFanEmergency (.1.3.6.1.4.1.3375.2.4.0.183)

AOM has issued a fan sensor emergency level event.

Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws.

bigipLibhalAomSensorFanInfo (.1.3.6.1.4.1.3375.2.4.0.184)

AOM has issued a fan sensor information level event.

Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws.

bigipLibhalAomSensorPwrWarning (.1.3.6.1.4.1.3375.2.4.0.185)

AOM has issued a power sensor warning level event.

Ensure that the power supply unit (PSU) is properly seated. Ensure that the PSU has an
appropriate power feed.

bigipLibhalAomSensorPwrError (.1.3.6.1.4.1.3375.2.4.0.186)

AOM has issued a power sensor error level event.

Ensure that the PSU is properly seated. Ensure that the PSU has an appropriate
power feed.

bigipLibhalAomSensorPwrAlert (.1.3.6.1.4.1.3375.2.4.0.187)

AOM has issued a power sensor alert level event.

Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has
an appropriate power feed.

bigipLibhalAomSensorPwrCritical (.1.3.6.1.4.1.3375.2.4.0.188)

AOM has issued a power sensor critical level event.

Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has
an appropriate power feed.

bigipLibhalAomSensorPwrEmergency (.1.3.6.1.4.1.3375.2.4.0.189)

AOM has issued a power sensor emergency level event.

Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has
an appropriate power feed.

bigipLibhalAomSensorPwrInfo (.1.3.6.1.4.1.3375.2.4.0.190)

AOM has issued a power sensor information level event.

Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has
an appropriate power feed.

ASM-related traps and recommended actions

This table provides information about the ASM™-related
notifications that an SNMP manager can receive.

Trap name

Description

Recommended action

bigipAsmRequestBlocked (.1.3.6.1.4.1.3375.2.4.0.38)

The BIG-IP® system blocked an HTTP request because the
request contained at least one violation to the active security policy.

Check the HTTP request to determine the cause of the violation.

bigipAsmRequestViolation (.1.3.6.1.4.1.3375.2.4.0.39)

The BIG-IP system issued an alert because an HTTP request violated the active
security policy.

Check the HTTP request to determine the cause of the violation.

bigipAsmFtpRequestBlocked (.1.3.6.1.4.1.3375.2.4.0.79)

The BIG-IP system blocked an FTP request because the request contained at least
one violation to the active security policy.

Check the FTP request to determine the cause of the violation.

bigipAsmFtpRequestViolation (.1.3.6.1.4.1.3375.2.4.0.80)

The BIG-IP system issued an alert because an FTP request violated the active
security policy.

Check the FTP request to determine the cause of the violation.

bigipAsmSmtpRequestBlocked (.1.3.6.1.4.1.3375.2.4.0.85)

The BIG-IP system blocked an SMTP request because the request contained at least
one violation to the active security policy.

Check the SMTP request to determine the cause of the violation.

bigipAsmSmtpRequestViolation (.1.3.6.1.4.1.3375.2.4.0.86)

The BIG-IP system issued an alert because an SMTP request violated the active
security policy.

Check the SMTP request to determine the cause of the violation.

bigipAsmDosAttackDetected (.1.3.6.1.4.1.3375.2.4.0.91)

The BIG-IP system detected a denial-of-service (DoS) attack.

Determine the availability of the application by checking the response time of the
site.

Check the BIG-IP ASM logs:

Identify the source IP of the attack and observe other violations from the same
source. Determine if the source IP is attacking other resources. Consider blocking the
source IP in the ACL.

Identify the URL that is under attack. Consider disabling the URL, if the attack is
not mitigated quickly.

bigipAsmBruteForceAttackDetected (.1.3.6.1.4.1.3375.2.4.0.92)

The BIG-IP system detected a brute force attack.

Check the BIG-IP ASM logs:

Identify the source IP of the attack and observe other violations from the same
source. Determine if the source IP is attacking other resources. Consider blocking the
source IP in the ACL.

Identify the user name that is under attack. Consider contacting the user and
locking their account.

This table provides information about the Application Visibility and Reporting (AVR)
notifications that an SNMP manager can receive.

Trap name

Description

Recommended action

bigipAvrAlertsMetricSnmp (.1.3.6.1.4.1.3375.2.4.0.105)

A BIG-IP system AVR SNMP metric changed.

Information only, no action required.

bigipAvrAlertsMetricSmtp (.1.3.6.1.4.1.3375.2.4.0.106)

A BIG-IP system AVR SMTP metric changed.

Information only, no action required.

Authentication-related traps and recommended actions

This table provides information about the authentication-related notifications that an
SNMP manager can receive.

Trap Name

Description

Recommended Action

bigipTamdAlert (.1.3.6.1.4.1.3375.2.4.0.21)

More than 60 authentication attempts have failed within one second, for a given
virtual server.

Investigate for a possible intruder.

bigipAuthFailed (.1.3.6.1.4.1.3375.2.4.0.27)

A login attempt failed.

Check the user name and password.

DDM-related traps and recommended actions

This table provides information about the Digital Diagnostic Monitoring (DDM)-related notifications that an SNMP manager can receive.

Trap name

Description

Recommended action

bigipDDMPowerAlarm (.1.3.6.1.4.1.3375.2.4.0.158)

The Digital Diagnostic Monitoring (DDM) on a pluggable optical transceiver
detected an alarm condition. DDM monitors both transmit and receive optical power to
ensure the laser power is between vendor-specified power thresholds for pluggable optical
modules such as SFP/SFP+/QSFP+/QSFP28. An alarm can occur when a cable is removed from a
plugged port, or when the front panel port or the transceiver is not configured or
operating properly.

Refer to the text of the alert: is it a low or high alarm? Is it a transmit or receive alarm? The
action to take for F5 branded optics (the following troubleshooting steps) depends on a
condition derived from the two states (low/high and transmit/receive):

Low (Alarm)/Transmit (Alarm): See if the BCM port is enabled. If not, then enable
it.

High (Alarm)/Transmit (Alarm): Hot swap extract and insert F5 Optics multiple times.
Check to see if a link comes up without a DDM error after each insertion. If a problem
persists, then it is a bad F5 Optic.

Low (Alarm)/Receive (Alarm): Verify F5 optics module with local loopback cable.
Verify that the transmission power on the other end of the cable is correct. Recheck
the optical link budget calculations. Clean the optical cables, connectors, and/or
lens. For any receive problem, look at the transmitter to make sure it is okay and the
correct protocol.

High (Alarm)/Receive (Alarm): Check the protocol setting on both link partners and
make sure they are compatible. Verify that the transmission power on the other end is
okay. Recheck the optical link budget calculations. For any receive problem, look at
the transmitter to make sure it is okay and the correct protocol.

bigipDDMPowerWarn (.1.3.6.1.4.1.3375.2.4.0.159)

The DDM on a pluggable optical transceiver detected a warning condition. DDM
monitors both transmit and receive optical power to ensure the laser power is between
vendor-specified power thresholds for pluggable optical modules such as
SFP/SFP+/QSFP+/QSFP28. A warning can occur when a cable is removed from a plugged port, or
when the front panel port or the transceiver is not configured or operating
properly.

Refer to the text of the alert: is it a low or high alarm? Is it a transmit or receive alarm? The
action to take for F5 branded optics (the following troubleshooting steps) depends on a
condition derived from the two states (low/high and transmit/receive):

Low (Alarm)/Transmit (Alarm): See if the BCM port is enabled. If not, then enable
it.

High (Alarm)/Transmit (Alarm): Hot swap extract and insert F5 Optics multiple times.
Check to see if a link comes up without a DDM error after each insertion. If a problem
persists, then it is a bad F5 Optic.

Low (Alarm)/Receive (Alarm): Verify F5 optics module with local loopback cable.
Verify that the transmission power on the other end of the cable is correct. Recheck
the optical link budget calculations. Clean the optical cables, connectors, and/or
lens. For any receive problem, look at the transmitter to make sure it is okay and the
correct protocol.

High (Alarm)/Receive (Alarm): Check the protocol setting on both link partners and
make sure they are compatible. Verify the transmission power on the other end is okay.
Recheck the optical link budget calculations. For any receive problem, look at the
transmitter to make sure it is okay and the correct protocol.

bigipDDMPowerAlarmClear (.1.3.6.1.4.1.3375.2.4.0.160)

The DDM on a pluggable optical transceiver no longer detects an alarm condition.
DDM monitors both transmit and receive optical power to ensure the laser power is between
vendor-specified power thresholds.

Depending on the state of the network, action might or might not be required. The
previous alarm has cleared.

bigipDDMPowerWarnClear (.1.3.6.1.4.1.3375.2.4.0.161)

The DDM on a pluggable optical transceiver no longer detects a warning condition.
DDM monitors both transmit and receive optical power to ensure the laser power is between
vendor-specified power thresholds.

Depending on the state of the network, action might or might not be required. The
previous alarm has cleared.

bigipDDMNonF5Optics (.1.3.6.1.4.1.3375.2.4.0.162)

A non-F5 pluggable optical transceiver is present in an interface. See K8153 at
http://support.f5.com for restrictions on third-party hardware
components with F5 products.

Might need to replace with an F5 branded optic.

DoS-related traps and recommended actions

This table provides information about the denial-of-service (DoS)-related
notifications that an SNMP manager can receive.

Trap name

Description

Recommended action

bigipAggrReaperStateChange (.1.3.6.1.4.1.3375.2.4.0.22)

The state of the aggressive reaper has changed, indicating that the BIG-IP® system is moving to a distress mode.

Use the default denial-of-service (DoS) settings. You can also add rate filters to
survive the attack.

bigipDosAttackStart (.1.3.6.1.4.1.3375.2.4.0.133)

The BIG-IP system detected a DoS attack start.

Check the attack name in the notification to determine the kind of attack that is
detected.

bigipDosAttackStop (.1.3.6.1.4.1.3375.2.4.0.134)

The BIG-IP system detected a DoS attack stop.

Information only, no action required.

General traps and recommended actions

This table provides information about the general notifications that an SNMP manager
can receive.

Trap name

Description

Recommended action

bigipDiskPartitionWarn (.1.3.6.1.4.1.3375.2.4.0.25)

Free space on the disk partition is less than the specified limit. By default,
the limit is 30% of total disk space.

Increase the available disk space.

bigipDiskPartitionGrowth (.1.3.6.1.4.1.3375.2.4.0.26)

The disk partition use exceeds the specified growth limit. By default, the limit
is 5% of total disk space.

Increase the available disk space.

bigipUpdatePriority (.1.3.6.1.4.1.3375.2.4.0.153)

There is a high priority software update available.

Download and install the software update.

bigipUpdateServer (.1.3.6.1.4.1.3375.2.4.0.154)

Unable to connect to the F5 server running update checks.

Verify the server connection settings.

bigipUpdateError (.1.3.6.1.4.1.3375.2.4.0.155)

There was an error checking for updates.

Investigate the error.

bigipAgentStart (.1.3.6.1.4.1.3375.2.4.0.1)

The SNMP agent on the BIG-IP® system has been
started.

For your information only. No action required.

bigipAgentShutdown (.1.3.6.1.4.1.3375.2.4.0.2)

The SNMP agent on the BIG-IP system is in the process of being shut down.

For your information only. No action required.

bigipAgentRestart (.1.3.6.1.4.1.3375.2.4.0.3)

The SNMP agent on the BIG-IP system has been restarted.

This trap is for future use only.

BIG-IP DNS-related traps and recommended actions

This table provides information about the DNS-related
notifications that an SNMP manager can receive.

Trap name

Description

Recommended action

bigipGtmBoxAvail (.1.3.6.1.4.1.3375.2.4.0.77)

The BIG-IP® system has come UP.

Information only, no action required.

bigipGtmBoxNotAvail (.1.3.6.1.4.1.3375.2.4.0.78)

The BIG-IP system has gone DOWN.

Information only, no action required.

bigipGtmBig3dSslCertExpired (.1.3.6.1.4.1.3375.2.4.0.81)

The certificate /config/big3d/client.crt has expired.

Replace the certificate.

bigipGtmBig3dSslCertWillExpire (.1.3.6.1.4.1.3375.2.4.0.82)

The certificate /config/big3d/client.crt will expire soon.

Replace the certificate.

bigipGtmSslCertExpired (.1.3.6.1.4.1.3375.2.4.0.83)

The certificate /config/gtm/server.crt has expired.

Replace the certificate.

bigipGtmSslCertWillExpire (.1.3.6.1.4.1.3375.2.4.0.84)

The certificate /config/gtm/server.crt will expire soon.

Replace the certificate.

bigipGtmPoolAvail (.1.3.6.1.4.1.3375.2.4.0.40)

A global traffic management pool is available.

Information only, no action required.

bigipGtmPoolNotAvail (.1.3.6.1.4.1.3375.2.4.0.41)

A global traffic management pool is not available.

Information only, no action required.

bigipGtmPoolDisabled (.1.3.6.1.4.1.3375.2.4.0.42)

A global traffic management pool is disabled.

Check the status of the pool.

bigipGtmPoolEnabled (.1.3.6.1.4.1.3375.2.4.0.43)

A global traffic management pool is enabled.

Information only, no action required.

bigipGtmLinkAvail (.1.3.6.1.4.1.3375.2.4.0.44)

A global traffic management link is available.

Information only, no action required.

bigipGtmLinkNotAvail (.1.3.6.1.4.1.3375.2.4.0.45)

A global traffic management link is not available.

Check the status of the link, as well as the relevant detailed log message.

bigipGtmLinkDisabled (.1.3.6.1.4.1.3375.2.4.0.46)

A global traffic management link is disabled.

Check the status of the link.

bigipGtmLinkEnabled (.1.3.6.1.4.1.3375.2.4.0.47)

A global traffic management link is enabled.

Information only, no action required.

bigipGtmWideIpAvail (.1.3.6.1.4.1.3375.2.4.0.48)

A global traffic management wide IP is available.

Information only, no action required.

bigipGtmWideIpNotAvail (.1.3.6.1.4.1.3375.2.4.0.49)

A global traffic management wide IP is unavailable.

Check the status of the wide IP, as well as the relevant detailed log message.

bigipGtmWideIpDisabled (.1.3.6.1.4.1.3375.2.4.0.50)

A global traffic management wide IP is disabled.

Check the status of the wide IP.

bigipGtmWideIpEnabled (.1.3.6.1.4.1.3375.2.4.0.51)

A global traffic management wide IP is enabled.

Information only, no action required.

bigipGtmPoolMbrAvail (.1.3.6.1.4.1.3375.2.4.0.52)

A global traffic management pool member is available.

Information only, no action required.

bigipGtmPoolMbrNotAvail (.1.3.6.1.4.1.3375.2.4.0.53)

A global traffic management pool member is not available.

Check the status of the pool member, as well as the relevant detailed log message.

bigipGtmPoolMbrDisabled (.1.3.6.1.4.1.3375.2.4.0.54)

A global traffic management pool member is disabled.

Check the status of the pool member.

bigipGtmPoolMbrEnabled (.1.3.6.1.4.1.3375.2.4.0.55)

A global traffic management pool member is enabled.

Information only, no action required.

bigipGtmServerAvail (.1.3.6.1.4.1.3375.2.4.0.56)

A global traffic management server is available.

Information only, no action required.

bigipGtmServerNotAvail (.1.3.6.1.4.1.3375.2.4.0.57)

A global traffic management server is unavailable.

Check the status of the server, as well as the relevant detailed log message.

bigipGtmServerDisabled (.1.3.6.1.4.1.3375.2.4.0.58)

A global traffic management server is disabled.

Check the status of the server.

bigipGtmServerEnabled (.1.3.6.1.4.1.3375.2.4.0.59)

A global traffic management server is enabled.

Information only, no action required.

bigipGtmVsAvail (.1.3.6.1.4.1.3375.2.4.0.60)

A global traffic management virtual server is available.

Information only, no action required.

bigipGtmVsNotAvail (.1.3.6.1.4.1.3375.2.4.0.61)

A global traffic management virtual server is unavailable.

Check the status of the virtual server, as well as the relevant detailed log message.

bigipGtmVsDisabled (.1.3.6.1.4.1.3375.2.4.0.62)

A global traffic management virtual server is disabled.

Check the status of the virtual server.

bigipGtmVsEnabled (.1.3.6.1.4.1.3375.2.4.0.63)

A global traffic management virtual server is enabled.

Information only, no action required.

bigipGtmDcAvail (.1.3.6.1.4.1.3375.2.4.0.64)

A global traffic management data center is available.

Information only, no action required.

bigipGtmDcNotAvail (.1.3.6.1.4.1.3375.2.4.0.65)

A global traffic management data center is unavailable.

Check the status of the data center, as well as the relevant detailed log message.

bigipGtmDcDisabled (.1.3.6.1.4.1.3375.2.4.0.66)

A global traffic management data center is disabled.

Check the status of the data center.

bigipGtmDcEnabled (.1.3.6.1.4.1.3375.2.4.0.67)

A global traffic management data center is enabled.

Information only, no action required.

bigipGtmAppObjAvail (.1.3.6.1.4.1.3375.2.4.0.69)

A global traffic management application object is available.

Information only, no action required.

bigipGtmAppObjNotAvail (.1.3.6.1.4.1.3375.2.4.0.70)

A global traffic management application object is unavailable.

Check the status of the application object, as well as the relevant detailed log message.

bigipGtmAppAvail (.1.3.6.1.4.1.3375.2.4.0.71)

A global traffic management application is available.

Information only, no action required.

bigipGtmAppNotAvail (.1.3.6.1.4.1.3375.2.4.0.72)

A global traffic management application is unavailable.

Check the status of the application, as well as the relevant detailed log message.

bigipGtmJoinedGroup (.1.3.6.1.4.1.3375.2.4.0.73)

The BIG-IP system joined a global traffic management synchronization group.

Information only, no action required.

bigipGtmLeftGroup (.1.3.6.1.4.1.3375.2.4.0.74)

The BIG-IP system left a global traffic management synchronization group.

Information only, no action required.

bigipGtmKeyGenerationExpiration (.1.3.6.1.4.1.3375.2.4.0.95)

A generation of a DNSSEC key expired.

Information only, no action required.

bigipGtmKeyGenerationRollover (.1.3.6.1.4.1.3375.2.4.0.94)

A generation of a DNSSEC key rolled over.

Information only, no action required.

bigipGtmProberPoolDisabled (.1.3.6.1.4.1.3375.2.4.0.99)

A global traffic management prober pool is disabled.

Check the status of the prober pool.

bigipGtmProberPoolEnabled (.1.3.6.1.4.1.3375.2.4.0.100)

A global traffic management prober pool is enabled.

Information only, no action required.

bigipGtmProberPoolStatusChange (.1.3.6.1.4.1.3375.2.4.0.97)

The status of a global traffic management prober pool has changed.

Check the status of the prober pool.

bigipGtmProberPoolStatusChangeReason (.1.3.6.1.4.1.3375.2.4.0.98)

The reason the status of a global traffic management prober pool has
changed.

The action required is based on the reason given.

bigipGtmProberPoolMbrDisabled (.1.3.6.1.4.1.3375.2.4.0.103)

A global traffic management prober pool member is disabled.

Check the status of the prober pool member.

bigipGtmProberPoolMbrEnabled (.1.3.6.1.4.1.3375.2.4.0.104)

A global traffic management prober pool member is enabled.

Information only, no action required.

bigipGtmProberPoolMbrStatusChange (.1.3.6.1.4.1.3375.2.4.0.101)

The status of a global traffic management prober pool member has changed.

Check the status of the prober pool member.

bigipGtmProberPoolMbrStatusChangeReason (.1.3.6.1.4.1.3375.2.4.0.102)

The reason the status of a global traffic management prober pool member has changed.

The action required is based on the reason given.

Hardware-related traps and recommended actions

This table provides information about hardware-related notifications that an SNMP
manager can receive. If you receive any of these alerts, contact F5®
Networks technical support.

Trap name and Associated OID

Description

Recommended action

bigipAomCpuTempTooHigh (.1.3.6.1.4.1.3375.2.4.0.93)

The AOM is reporting that the air temperature near the CPU is too
high.

Check the input and output air temperatures. Run an iHealth®
report and troubleshoot based on the results. If the condition persists, contact F5
Networks technical support.

If this is the first alert, the disk might continue to operate for a short time.
Contact F5 Networks technical support.

bigipNetLinkDown (.1.3.6.1.4.1.3375.2.4.0.24)

An interface link is down.

This alert applies to L1 and L2, which are internal links within the device
connecting the CPU and Switch subsystems. These links should never be down. If this
occurs, the condition is serious. Contact F5 Networks technical support.

bigipExternalLinkChange
(.1.3.6.1.4.1.3375.2.4.0.37)

The status of an external interface link has changed to either UP, DOWN, or
UNPOPULATED.

This occurs when network cables are added or removed, and the network is
reconfigured. Determine whether the link should be down or up, and then take the
appropriate action.

bigipPsPowerOn (.1.3.6.1.4.1.3375.2.4.0.147)

The power supply for the BIG-IP system was powered on.

Information only, no action required, unless this trap is unexpected. In that
case, verify that the power supply is working and that system has not rebooted.

bigipPsPowerOff (.1.3.6.1.4.1.3375.2.4.0.148)

The power supply for the BIG-IP system was powered off.

Information only, no action required, unless power off was unexpected. In that
case, verify that the power supply is working and that system has not rebooted.

bigipPsAbsent (.1.3.6.1.4.1.3375.2.4.0.149)

The power supply for the BIG-IP system cannot be detected.

Information only, no action required when the BIG-IP device is operating with one power
supply. For BIG-IP devices with two power supplies installed, verify that both power
supplies are functioning correctly and evaluate symptoms.

bigipSystemShutdown (.1.3.6.1.4.1.3375.2.4.0.151)

The BIG-IP system has shut down.

Information only, no action required when the shut down was expected. Otherwise,
investigate the cause of the unexpected reboot.

bigipFipsDeviceError (.1.3.6.1.4.1.3375.2.4.0.152)

The FIPS card in the BIG-IP system has encountered a problem.

Contact F5 Networks technical support.

High-availability system-related traps and recommended actions

This table provides information about the high-availability system-related
notifications that an SNMP manager can receive.

Trap name

Description

Recommended action

bigipStandby (.1.3.6.1.4.1.3375.2.4.0.14)

The BIG-IP® system has switched to standby mode.

Review the log files in the /var/log directory and then
search for core files in the /var/core directory. If you find a core
file, or find text similar to fault at location xxxx stack trace:,
contact F5® Networks technical support.

bigipStandByFail (.1.3.6.1.4.1.3375.2.4.0.75)

In failover condition, this standby system cannot become active.

Investigate failover condition on the standby system.

bigipActive (.1.3.6.1.4.1.3375.2.4.0.15)

The BIG-IP system has switched to active mode.

Information only, no action required.

bigipActiveActive (.1.3.6.1.4.1.3375.2.4.0.16)

The BIG-IP system is in active-active mode.

Information only, no action required.

bigipFeatureFailed (.1.3.6.1.4.1.3375.2.4.0.17)

A high-availability feature has failed.

View high-availability processes and their current status.

bigipFeatureOnline (.1.3.6.1.4.1.3375.2.4.0.18)

A high-availability feature is responding.

View high-availability processes and their current status.

bigipTrafficGroupStandby (.1.3.6.1.4.1.3375.2.4.0.141)

The status of a traffic group has changed to stand by.

Information only, no action required. To determine the reason for the failover,
review the LTM® log /var/log/ltm and search for
keywords active or standby. Additionally, you can run the tmsh command
tmsh show sys ha-status to view the failover conditions.

bigipTrafficGroupActive (.1.3.6.1.4.1.3375.2.4.0.142)

The status of a traffic group has changed to active.

Information only, no action required. To determine the reason for the failover,
review the LTM log /var/log/ltm and search for keywords active or
standby. Additionally, you can run the tmsh command tmsh show
sys ha-status to view the failover conditions.

bigipTrafficGroupOffline (.1.3.6.1.4.1.3375.2.4.0.143)

The status of a traffic group has changed to offline.

Information only, no action required.

bigipTrafficGroupForcedOffline (.1.3.6.1.4.1.3375.2.4.0.144)

The status of a traffic group has changed to forced offline.

Information only, no action required.

bigipTrafficGroupDeactivate (.1.3.6.1.4.1.3375.2.4.0.145)

A traffic group was deactivated.

Information only, no action required. To determine the reason for the
deactivation, review the LTM log /var/log/ltm and search for the
keyword deactivate.

bigipTrafficGroupActivate (.1.3.6.1.4.1.3375.2.4.0.146)

A traffic group was activated.

Information only, no action required. To determine the reason for the
deactivation, review the LTM log /var/log/ltm and search for the
keyword activate.

License-related traps and recommended actions

This table provides information about the license-related notifications that an SNMP
manager can receive.

Trap name

Description

Recommended action

bigipLicenseFailed (.1.3.6.1.4.1.3375.2.4.0.19)

Validation of a BIG-IP® system license has failed, or the
dossier has errors.

Occurs only when first licensing the system or adding a module key (such as HTTP
compression) to an existing system. If using automatic licensing, verify connectivity to
the outside world, fix the dossier if needed, and try again.

bigipLicenseExpired (.1.3.6.1.4.1.3375.2.4.0.20)

The BIG-IP license has expired.

Call F5® Networks technical support.

bigipDnsRequestRateLimiterEngaged (.1.3.6.1.4.1.3375.2.4.0.139)

The BIG-IP DNS Services license is rate-limited and the system has reached the
rate limit.

Call F5 Networks technical support to upgrade your license.

bigipGtmRequestRateLimiterEngaged (.1.3.6.1.4.1.3375.2.4.0.140)

The BIG-IP DNS license is rate-limited and the system has
reached the rate limit.

Call F5 Networks technical support to upgrade your license.

bigipCompLimitExceeded (.1.3.6.1.4.1.3375.2.4.0.35)

The compression license limit is exceeded.

Purchase additional compression licensing from F5 Networks.

bigipSslLimitExceeded (.1.3.6.1.4.1.3375.2.4.0.36)

The SSL license limit is exceeded, either for transactions per second (TPS) or
for megabits per second (MPS).

Purchase additional SSL licensing from F5 Networks.

LTM-related traps and recommended actions

This table provides information about the LTM®-related
notifications that an SNMP manager can receive.

The BIG-IP® system DNS cache received unsolicited query
replies exceeding the configured threshold.

Check the BIG-IP system logs to determine if the system is experiencing a
distributed denial-of-service (DDoS) attack.

bigipNodeRate (.1.3.6.1.4.1.3375.2.4.0.130)

A local traffic management node has received connections exceeding the configured
rate-limit.

Consider provisioning more resources on the BIG-IP system for this virtual
server.

bigipNodeDown (.1.3.6.1.4.1.3375.2.4.0.12)

A BIG-IP system health monitor has marked a node as down.

Check the node and the cable connection.

bigipNodeUp (.1.3.6.1.4.1.3375.2.4.0.13)

A BIG-IP system health monitor has marked a node as up.

Information, no action required.

bigipMemberRate (.1.3.6.1.4.1.3375.2.4.0.131)

A local traffic management pool member has received connections exceeding the
configured rate-limit.

Consider provisioning more resources on the BIG-IP system for this virtual
server.

bigipVirtualRate (.1.3.6.1.4.1.3375.2.4.0.132)

A local traffic management virtual server has received connections exceeding the
configured rate-limit.

Consider provisioning more resources on the BIG-IP system for this virtual
server.

bigipLtmVsAvail (.1.3.6.1.4.1.3375.2.4.0.135)

A local traffic management virtual server is available to receive
connections.

Information only, no action required.

bigipLtmVsUnavail (.1.3.6.1.4.1.3375.2.4.0.136)

A local traffic management virtual server is not available to receive
connections.

Check the virtual server.

bigipLtmVsEnabled (.1.3.6.1.4.1.3375.2.4.0.137)

A local traffic management virtual server
is
enabled.

Information only, no action required.

bigipLtmVsDisabled (.1.3.6.1.4.1.3375.2.4.0.138)

A local traffic management virtual server
is
disabled.

Information only, no action required.

bigipServiceDown (.1.3.6.1.4.1.3375.2.4.0.10)

A BIG-IP system health monitor has detected a service on a node to be stopped and
thus marked the node as down.

Restart the service on the node.

bigipServiceUp (.1.3.6.1.4.1.3375.2.4.0.11)

A BIG-IP system health monitor has detected a service on a node to be running and
has therefore marked the node as up.

Information only, no action required.

bigipPacketRejected (.1.3.6.1.4.1.3375.2.4.0.34)

The BIG-IP system has rejected some packets.

Check the detailed message within this trap and act accordingly.

bigipInetPortExhaustion (.1.3.6.1.4.1.3375.2.4.0.76)

The TMM has run out of source ports and cannot open new communications channels
with other machines.

Either increase the number of addresses available for SNAT automapping or SNAT
pools, or lower the idle timeout value if the value is excessively high.

Logging-related traps and recommended actions

This table provides information about the logging-related notifications that an SNMP
manager can receive.

Trap name

Description

Recommended action

bigipLogEmerg (.1.3.6.1.4.1.3375.2.4.0.29)

The BIG-IP® system is unusable. This notification occurs
when the system logs a message with the log level LOG_EMERG.

Check the detailed message within this trap and
within the /var/log files to determine which process has the
emergency. Then act accordingly.

bigipLogAlert (.1.3.6.1.4.1.3375.2.4.0.30)

The BIG-IP system requires immediate action to function properly. This
notification occurs when the system logs a message with the log level
LOG_ALERT.

Check
the detailed message within this trap and within the /var/log files
to determine which process has the alert situation. Then act accordingly.

bigipLogCrit (.1.3.6.1.4.1.3375.2.4.0.31)

The BIG-IP system is in critical condition. This notification occurs when the
system logs a message with the log level LOG_CRIT.

Check the detailed message
within this trap and within the /var/log files to determine which
process has the critical situation. Then act accordingly.

bigipLogErr (.1.3.6.1.4.1.3375.2.4.0.32)

The BIG-IP system has some error conditions. This notification occurs when the system logs a message with the log level LOG_ERR.

Check the detailed message within this trap and within the /var/log files to determine which processes have the error conditions.
Then act accordingly.

bigipLogWarning (.1.3.6.1.4.1.3375.2.4.0.33)

The BIG-IP system is experiencing some warning conditions. This notification occurs when the system logs a message with the log level LOG_WARNING.

Check the detailed message within this trap and within the
/var/log files to determine which processes have the warning
conditions. Then act accordingly.

Network-related traps and recommended actions

This table provides information about the network-related notifications that an SNMP
manager can receive.

Trap name

Description

Recommended action

bigipARPConflict (.1.3.6.1.4.1.3375.2.4.0.23)

The BIG-IP ®system has detected an ARP advertisement for any
of its own ARP-enabled addresses. This can occur for a virtual server address or a self IP
address.

Check IP addresses and routes.

vCMP-related traps and recommended actions

This table provides information about the virtual clustered multiprocessing (vCMP®)-related notifications that an SNMP manager can receive.

Trap name

Description

Recommended action

bigipVcmpAlertsVcmpPowerOn (.1.3.6.1.4.1.3375.2.4.0.107)

The BIG-IP® system powered on a vCMP guest from a suspended
or powered-off state.

Information only, no action required.

bigipVcmpAlertsVcmpPowerOff (.1.3.6.1.4.1.3375.2.4.0.108)

The BIG-IP system powered off a vCMP guest.

Information only, no action required.

bigipVcmpAlertsVcmpHBLost (.1.3.6.1.4.1.3375.2.4.0.109)

The BIG-IP system cannot detect a heartbeat from a vCMP guest.

Check the guest and restart, if necessary.

bigipVcmpAlertsVcmpHBDetected (.1.3.6.1.4.1.3375.2.4.0.110)

The BIG-IP system detected a heartbeat from a new or returning vCMP
guest.

Information only, no action required.

VIPRION-related traps and recommended actions

This table provides information about the VIPRION®-related
notifications that an SNMP manager can receive.

Trap name

Description

Recommended action

bigipClusterdNoResponse (.1.3.6.1.4.1.3375.2.4.0.89)

The cluster daemon failed to respond for 10 seconds or more.

Start the cluster daemon.

bigipClusterPrimaryChanged (.1.3.6.1.4.1.3375.2.4.0.150)

The primary cluster has changed.

Information only, no action required.

About enterprise MIB files

The enterprise MIB files contain F5® Networks specific information. All
OIDS for the BIG-IP® system data are contained in the F5 enterprise MIB
files, including all interface statistics (1.3.6.1.4.1.3375.2.1.2.4
(sysNetwork.sysInterfaces)). These enterprise MIB files reside on the
BIG-IP system:

F5-BIGIP-COMMON-MIB.txt

Contains information that the SNMP manager can use to help manage F5-specific notifications
(SNMP traps) that all other BIG-IP MIB files reference.

F5-BIGIP-SYSTEM-MIB.txt

Contains information that the SNMP manager can use to help manage BIG-IP system objects, such
as global statistic data, network information, and platform information.

F5-BIGIP-LOCAL-MIB.txt

Contains information that the SNMP manager can use to help manage BIG-IP local traffic
objects, such as virtual servers, pools, nodes, profiles, health monitors, iRules®, and SNATs. Also contains information on AFM™ objects, such as firewall rules and DoS vectors.

F5-BIGIP-GLOBAL-MIB.txt

Contains information that the SNMP manager can use to help manage global traffic objects,
such as wide IPs, virtual servers, pools, links, servers, and data centers.

F5-BIGIP-APM-MIB.txt

Contains information that the SNMP manager can use to help manage access policy objects,
such as profiles, statistics, lease pools, and ACLs.

F5-BIGIP-WAM-MIB.txt

Contains information that the SNMP manager can use to help manage traffic acceleration
objects, such as applications, profiles, and statistics.

Task summary

Perform these tasks when working with MIB files.

Downloading enterprise and NET-SNMP MIBs to the SNMP manager

View the set of standard SNMP MIB files that you can download to the SNMP manager,
by listing the contents of the BIG-IP® system directory
/usr/share/snmp/mibs.

Download compressed files that contain the enterprise and NET-SNMP MIBs.

Viewing objects in enterprise MIB files

You must have the Administrator user role assigned to your
user account.

View information about a BIG-IP system object by listing the contents of an
enterprise MIB file.

Access a console window on the BIG-IP system.

At the command prompt, list the contents of the directory
/usr/share/snmp/mibs.

View available objects in the relevant MIB file.

Viewing SNMP traps in F5-BIGIP-LOCAL-MIB.txt

Verify that you have the Administrator user role assigned to
your user account.

When an F5-specific trap sends a notification to the SNMP manager, the SNMP manager
receives a text message describing the event or problem that has occurred. You can
identify the traps specified in the F5-BIGIP-LOCAL-MIB.txt file by viewing the file.

Access a console window on the BIG-IP system.

At the command prompt, list the contents of the directory
/usr/share/snmp/mibs.

View the F5-BIGIP-LOCAL-MIB.txt file.

Look for objects with the prefix ltmFw for firewall
rules, and ltmDos for DoS attacks.

Collecting network firewall data using SNMP

For example, this SNMP command collects data on firewall rules memory usage,
where public is the community name and you are logged in
to the BIG-IP system: snmpwalk-cpubliclocalhostltmFwRuleStat

The SNMP manager now queries the system about firewall rules.

Collecting DoS attack data using SNMP

You can use SNMP commands to gather DoS attack data.

Write an SNMP command to gather DoS attack data from the BIG-IP system.

For example, this SNMP command collects DoS attack data, where
public is the community name and you are logged in
locally to the BIG-IP® system:
snmpwalk-cpubliclocalhostltmDosAttackDataStat

The SNMP manager displays a list of all the DoS attack types and hits on those
attack types.

About enterprise MIB files

The enterprise MIB files contain F5® Networks specific information. All
OIDS for the BIG-IP® system data are contained in the F5 enterprise MIB
files, including all interface statistics (1.3.6.1.4.1.3375.2.1.2.4
(sysNetwork.sysInterfaces)). These enterprise MIB files reside on the
BIG-IP system:

F5-BIGIP-COMMON-MIB.txt

Contains information that the SNMP manager can use to help manage F5-specific notifications
(SNMP traps) that all other BIG-IP MIB files reference.

F5-BIGIP-SYSTEM-MIB.txt

Contains information that the SNMP manager can use to help manage BIG-IP system objects, such
as global statistic data, network information, and platform information.

F5-BIGIP-LOCAL-MIB.txt

Contains information that the SNMP manager can use to help manage BIG-IP local traffic
objects, such as virtual servers, pools, nodes, profiles, health monitors, iRules®, and SNATs. Also contains information on AFM™ objects, such as firewall rules and DoS vectors.

F5-BIGIP-GLOBAL-MIB.txt

Contains information that the SNMP manager can use to help manage global traffic objects,
such as wide IPs, virtual servers, pools, links, servers, and data centers.

F5-BIGIP-APM-MIB.txt

Contains information that the SNMP manager can use to help manage access policy objects,
such as profiles, statistics, lease pools, and ACLs.

F5-BIGIP-WAM-MIB.txt

Contains information that the SNMP manager can use to help manage traffic acceleration
objects, such as applications, profiles, and statistics.

Task summary

Perform these tasks when working with MIB files.

Downloading enterprise and NET-SNMP MIBs to the SNMP manager

View the set of standard SNMP MIB files that you can download to the SNMP manager,
by listing the contents of the BIG-IP® system directory
/usr/share/snmp/mibs.

Download compressed files that contain the enterprise and NET-SNMP MIBs.

Viewing objects in enterprise MIB files

You must have the Administrator user role assigned to your
user account.

View information about a BIG-IP system object by listing the contents of an
enterprise MIB file.

Access a console window on the BIG-IP system.

At the command prompt, list the contents of the directory
/usr/share/snmp/mibs.

View available objects in the relevant MIB file.

Viewing SNMP traps in F5-BIGIP-COMMON-MIB.txt

Verify that you have the Administrator user role assigned to
your user account.

When an F5-specific trap sends a notification to the SNMP manager, the SNMP manager
receives a text message describing the event or problem that has occurred. You can
identify the traps specified in the F5-BIGIP-COMMON-MIB.txt file by viewing the
file.

Access a console window on the BIG-IP system.

At the command prompt, list the contents of the directory
/usr/share/snmp/mibs.

View the F5-BIGIP-COMMON-MIB.txt file. Look for object names with the
designation NOTIFICATION-TYPE.

Viewing dynamic routing SNMP traps and associated OIDs

Verify that you have the Administrator user role assigned to
your user account.

When you want to set up your network management systems to watch for problems with
dynamic routing, you can view SNMP MIB files to discover the SNMP traps that the
dynamic routing protocols send, and to find the OIDs that are associated with those
traps.

Access a console window on the BIG-IP system.

At the command prompt, list the contents of the directory
/usr/share/snmp/mibs.

View the following dynamic routing MIB files:

BGP4-MIB.txt

ISIS-MIB.txt

OSPF6-MIB.txt

OSPF-MIB.txt

OSPF-TRAP-MIB.txt

RIPv2-MIB.txt

Monitoring BIG-IP system processes using SNMP

Ensure that your SNMP manager is running either SNMP v2c or SNMP v3, because all
BIG-IP® system statistics are defined by 64-bit counters, and only SNMP v2c and SNMP v3
support 64-bit counters. Ensure that you have downloaded the F-5 Networks enterprise and
NET-SNMP MIBs to the SNMP manager.

You can monitor a specific process on the BIG-IP system using SNMP. To do this you can
use the HOST-RESOURCES MIB and write a script to monitor the
process.

Write a script to monitor a BIG-IP system process using the
HOST-RESOURCES MIB.

For example, this command determines the number of TMM processes currently
running on the system: snmpwalk-v2c-cpubliclocalhosthrSWRunName | egrep"\"tmm(.[0-9]+)?\"" | wc-l

The script can now query the BIG-IP system about the status of processes.

Collecting BIG-IP system memory usage data using SNMP

You can use an SNMP command with OIDs to gather data on the number of bytes of memory
currently being used on the BIG-IP® system.

Note: To interpret data on memory use,
you do not need to perform a calculation on the collected data.

Write an SNMP command to gather data on the number of bytes of memory currently
being used on the BIG-IP system.

For example, this SNMP command collects data on current memory usage, where
public is the community name and
bigip is the host name of the BIG-IP system:
snmpget-cpublicbigipsysGlobalStat.sysStatMemoryUsed.0

The SNMP manager can now query the BIG-IP system about CPU and memory
usage.

Collecting BIG-IP system data on HTTP requests using SNMP

You can use SNMP commands with an OID to gather and interpret data on the number of
current HTTP requests on the BIG-IP® system. The following table shows the required
OIDs for polling data on HTTP requests.

Performance Graph

Graph Metrics

Required SNMP OIDs

HTTP Requests

HTTP Requests

sysStatHttpRequests (.1.3.6.1.4.1.3375.2.1.1.2.1.56)

The following table shows the required calculations for interpreting metrics on HTTP
requests.

Performance Graph

Graph Metric

Required calculations for HTTP requests

HTTP Requests

HTTP Requests

<DeltaStatHttpRequests> / <interval>

For each OID, perform two separate polls, at an interval of your choice. For
example, poll OID sysStatHttpRequests
(.1.3.6.1.4.1.3375.2.1.1.2.1.56)twice, at a 10-second interval.
This results in two values,
<sysStatHttpRequests1> and
<sysStatHttpRequests2>.

Perform the calculation on the OID deltas. The value for
interval is 10. For example, to calculate the value of
the HTTP Requests graph metric:

(<DeltaStatHttpRequests>) / <interval>

Collecting BIG-IP system data on throughput rates using SNMP

You can use SNMP commands with various OIDs to gather and interpret data on the
throughput rate on the BIG-IP® system. The following table shows the individual OIDs
that you must poll, retrieving two separate poll values for each OID.

For each OID, perform two separate polls, at an interval of your choice. For
example, poll OID sysStatServerBytesIn
(.1.3.6.1.4.1.3375.2.1.1.2.1.10)twice, at a 10-second interval.
This results in two values,
<sysStatServerBytesIn1> and
<sysStatServerBytesIn2>.

Calculate the delta of the two poll values. For example, for the Server
Bits In graphic metric, perform this calculation:

Perform the calculation on the OID deltas. For this calculation, it is the average per second in the last <interval>. The value for
interval is 10. For example, to calculate the value of
the Server Bits In graph metric:

(<DeltaStatServerBytesIn>) / <interval>

Collecting BIG-IP system data on RAM cache using SNMP

You can use an SNMP command with various OIDs to gather and interpret data on RAM
cache use. The following table shows the required OIDs for polling for data on RAM
Cache use.

Perform the calculation on the OID deltas. The value for interval is 10.
For example, to calculate the value of the SSL transactions using SNMP:

(<DeltaClientsslStatClientTotConns>) / <interval>

Collecting BIG-IP system data on CPU usage based on a predefined polling interval

For the CPU[0-n] and Global Host CPU Usage graph metrics, you can instruct the BIG-IP® system to gather and collect CPU usage data automatically, based on a predifined polling interval.
Use the sysMultiHostCpu and sysGlobalHostCpu MIBs.

The following
table shows the required OIDs for automatic collection of CPU[0-n] graphic
metrics.

Collecting BIG-IP system data on CPU usage based on a custom polling interval

For the CPU[0-n], Global Host CPU, and TMM CPU Usage graph metrics, an alternative to
instructing the BIG-IP® system to collect CPU usage data automatically, is to do it
maually, based on a custom polling interval. For the CPU[0-n] and Global Host CPU
graph metrics, use the sysMultiHostCpu and sysGlobalHostCpu MIBs. For the TMM CPU
Usage graphic metric, use the sysStatTm MIB.

The following table shows the required SNMP OIDs for collecting CPU data manually.

Performance Graph

Graph Metric

Required SNMP OIDs

CPU Usage

CPU[0-n]

sysMultiHostCpuUser
(.1.3.6.1.4.1.3375.2.1.7.5.2.1.4)

sysMultiHostCpuNice (.1.3.6.1.4.1.3375.2.1.7.5.2.1.5)

sysMultiHostCpuSystem (.1.3.6.1.4.1.3375.2.1.7.5.2.1.6)

sysMultiHostCpuIdle (.1.3.6.1.4.1.3375.2.1.7.5.2.1.7)

sysMultiHostCpuIrq (.1.3.6.1.4.1.3375.2.1.7.5.2.1.8)

sysMultiHostCpuSoftirq (.1.3.6.1.4.1.3375.2.1.7.5.2.1.9)

sysMultiHostCpuIowait (.1.3.6.1.4.1.3375.2.1.7.5.2.1.10)

CPU Usage

TMM[0-m]

sysTmmStatTmUsageRatio5s
(.1.3.6.1.4.1.3375.2.1.8.2.3.1.37.[tmm_id])

sysTmmStatTmUsageRatio1m (.1.3.6.1.4.1.3375.2.1.8.2.3.1.38.[tmm_id])

sysTmmStatTmUsageRatio5m (.1.3.6.1.4.1.3375.2.1.8.2.3.1.39.[tmm_id])

CPU Usage

Global Host CPU Usage

sysGlobalHostCpuCount (.1.3.6.1.4.1.3375.2.1.1.2.20.4)

sysGlobalHostActiveCpu (.1.3.6.1.4.1.3375.2.1.1.2.20.5)

sysGlobalHostCpuUser (.1.3.6.1.4.1.3375.2.1.1.2.20.6)

sysGlobalHostCpuNice
(.1.3.6.1.4.1.3375.2.1.1.2.20.7)

sysGlobalHostCpuSystem (.1.3.6.1.4.1.3375.2.1.1.2.20.8)

sysGlobalHostCpuIdle
(.1.3.6.1.4.1.3375.2.1.1.2.20.9)

sysGlobalHostCpuIrq (.1.3.6.1.4.1.3375.2.1.1.2.20.10)

sysGlobalHostCpuSoftirq (.1.3.6.1.4.1.3375.2.1.1.2.20.11)

sysGlobalHostCpuIowait (.1.3.6.1.4.1.3375.2.1.1.2.20.12)

CPU Usage

Global TMM CPU Usage

sysGlobalTmmStatTmUsageRatio5s (.1.3.6.1.4.1.3375.2.1.1.2.21.34)

sysGlobalTmmStatTmUsageRatio1m (.1.3.6.1.4.1.3375.2.1.1.2.21.35)

sysGlobalTmmStatTmUsageRatio5m
(.1.3.6.1.4.1.3375.2.1.1.2.21.36)

CPU Usage

TMM CPU Usage

sysStatTmTotalCycles (.1.3.6.1.4.1.3375.2.1.1.2.1.41)

sysStatTmIdleCycles (.1.3.6.1.4.1.3375.2.1.1.2.1.42)

sysStatTmSleepCycles (.1.3.6.1.4.1.3375.2.1.1.2.1.43)

The following table shows the formulas for calculating metrics on CPU use.

Performance Graph

Graph Metric

Required calculations for CPU use

CPU Usage

CPU[0-n]

(<DeltaCpuUsers>) + (<DeltaCpuNice> +
<DeltaCpuSystem>
/

(<DeltaCpuUsers>) + <DeltaCpuNice> + <DeltaCpuIdle> +

<DeltaCpuSystem> + <DeltaCpulrq> + <DeltaCpuSoftirq> +

<DeltaCpulowait>) *100

CPU Usage

Global Host CPU Usage

(<DeltaCpuUsers> + <DeltaCpuNice> +
<DeltaCpuSystem>)
/

(<DeltaCpuUsers> + <DeltaCpuNice> + <DeltaCpuIdle> +

<DeltaCpuSystem> + <DeltaCpuIrq> + <DeltaCpuSoftirq> +

<DeltaCpuIowait>) *100

Poll the OID sysMultiHostCpuUser
(.1.3.6.1.4.1.3375.2.1.7.5.2.1.4) twice, at a 10-second interval.
This results in two values, sysMultiHostCpuUser1and and sysMultiHostCpuUser2.

Calculate the delta of the two poll values. For example:

<DeltaCpuUser> = <sysMultiHostCpuUser2> - <sysMultiHostCpuUser1>.

Repeat steps 1 and 2 for each OID pertaining to the
CPU[0-n] graph metric.

Repeat steps 1 and 2 again, using the OIDs from the MIBs
sysStatTmand sysGlobalHostCpu.

Calculate the values of the graphic metrics using the formulas in the table
above.

Collecting BIG-IP system performance data on new connections using SNMP

You can use SNMP commands with various OIDs to gather and interpret data on the
number of new connections on the BIG-IP® system. The following table shows the
required OIDs for the Performance graphs in the Configuration utility.

For each OID, perform two separate polls, at an interval of your choice.

For example, for the client accepts metric, poll OID sysTcpStatAccepts
(.1.3.6.1.4.1.3375.2.1.1.2.12.6) twice, at a 10-second interval.
This results in two values,
<sysTcpStatAccepts1> and
<sysTcpStatAccepts2>.

Calculate the delta of the two poll values.

For example, for the client accepts metric, perform this
calculation:

<DeltaTcpStatAccepts> = <sysTcpStatAccepts2> - <sysTcpStatAccepts1>

Perform a calculation on the OID deltas. The value for
interval is the polling interval. For example, to
calculate the value of the client accepts metric:

<DeltaTcpStatAccepts> / <interval>

Collecting BIG-IP system performance data on active connections using SNMP

Write an SNMP command with the various OIDs shown in the table to gather and
interpret data on the number of active connections on the BIG-IP® system.

Note: To interpret data on active connections, you do not need to perform any
calculations on the collected data.

Performance Graph

Graph Metrics

Required SNMP OIDs

Active Connections Summary

Connections

sysStatClientCurConns
(.1.3.6.1.4.1.3375.2.1.1.2.1.8)

Active Connections Detailed

Client

Server

SSL Client

SSL Server

sysStatClientCurConns
(.1.3.6.1.4.1.3375.2.1.1.2.1.8)

sysStatServerCurConns (.1.3.6.1.4.1.3375.2.1.1.2.1.15)

sysClientsslStatCurConns (.1.3.6.1.4.1.3375.2.1.1.2.9.2)

sysServersslStatCurConns (.1.3.6.1.4.1.3375.2.1.1.2.10.2)

About the RMON MIB file

The BIG-IP® system provides the remote network monitoring (RMON) MIB file, RMON-MIB.txt. This
file contains remote network monitoring information. The implementation of RMON on the BIG-IP
system differs slightly from the standard RMON implementation, in the following ways:

The BIG-IP system implementation of RMON supports only these four of the nine RMON
groups: statistics, history, alarms, and events.

The RMON-MIB.txt file monitors the BIG-IP system interfaces (that is, sysIfIndex), and
not the standard Linux interfaces.

For hardware reasons, the packet-length-specific statistics in the RMON statistics group
offer combined transmission and receiving statistics only. This behavior differs from the
behavior described in the definitions of the corresponding OIDs.